A common question that arises in the area of network automation is:
What’s the difference between Ansible and Nornir?
I mean, they are both frameworks that can manage and automate groups of network devices, right? They are also both built on top of Python. So what is the difference between these 2 tools?
Within this post, we are going to answer these questions and more. So let’s dive in!
First of all…
What is Ansible?
Ansible is an open-source agentless tool/framework, provided by Red Hat, that allows you to automate hosts using SSH.
At a high level, Ansible takes 2 inputs - an inventory and a playbook, both of which are YAML-based files. Here’s a summary of these 2 inputs:
- Inventory- the hosts we want Ansible to automate (contains IPs etc).
- Playbook- what actions we want to perform on the hosts. The playbook is broken down into:
- play: contains a set of tasks
- task: contains a set of modules
- module: takes various inputs and performs/executes actions upon the target host.
Ansible takes these inputs then connects out to the hosts defined within the inventory via SSH and performs the actions within the playbooks.
Below is an overview of Ansible:
What Is Nornir?
Nornir (from the creator of NAPALM, David Barroso) is a pluggable open-source multithreaded framework with inventory management to help operate groups of devices. Nornir is 100% Python. Whereas many automation frameworks (such as Ansible) use their own domain-specific language (DSL), Nornir lets you control everything from Python. Like Ansible, Nornir is also agentless.
Similar to Ansible, Nornir is also provided with an inventory. However, unlike Ansible and its use of YAML playbooks, Nornir uses Python scripts and tasks to define the actions that we want to perform.
To run Nornir we just run the Nornir Python script via Python. At this point, Nornir will connect to the devices within the inventory and perform the necessary actions that have been defined within our Nornir tasks.
Below is an overview of Nornir:
Looking to learn more about Nornir? If so check out the Packet Coders Nornir course below:
Ansible vs Nornir
So as we have learnt, Ansible and Nornir can both be used to automate the network - so what is the real difference between the 2?
High-Level Differences
OK, so first of all, at a high level, they are both agentless and allow you to automate groups of devices. For both Nornir and Ansible, the target hosts that we want to automate are defined via an inventory. However, when it comes to defining what we want to do against our inventory, this is driven by YAML playbooks for Ansible and Python scripts for Nornir. As we will see shortly, this difference plays a big part in the barrier to entry and debugging differences between the 2 frameworks.
Ansible | Nornir | |
Target hosts defined via: | Inventory | Inventory |
Actions/automation defined via: | YAML playbooks | Pure Python scripts |
Barrier to Entry
As only YAML is required to drive and describe the actions that you want Ansible to perform, the barrier to entry is far less with Ansible than with Nornir, for which Python is required.
Therefore, you can get some extremely quick wins with Ansible with little programming knowledge. However, it is worth mentioning that advanced Python knowledge is not required to use Nornir. So, even though you need to write Python, you will also benefit in other areas - as we will now see.
Ansible | Nornir | |
Barrier to Entry | Low | Moderate |
Complex Logic
When it comes to performing complex logic within Ansible, things can become difficult. This is because rather than being able to write Python to be able to perform the required iteration or steps, the logic must be written within the playbook as YAML. This can involve jumping through various/additional hoops, to achieve, what would have been fairly simple to perform directly within Python.
Ansible | Nornir | |
Complex Logic | Difficult, due to YAML-based DSL | Pure Python is used |
Debugging
As Nornir is pure Python, to debug the various Python debugging tools can be used such as PDB and Rich Inspect. Ansible, on the other hand, requires the use of custom Ansible debugging tools or the Ansible debugging module, and therefore with Ansible it can be trickier to debug issues.
Ansible | Nornir | |
Debugging | Ansible debug module, custom Ansible debugging tools | Rich Inspect, PDB |
Support
Ansible is provided (by Red Hat) as both a community-based tool and a commercial offering that comes with commercial support. Nornir is pure community-led, and therefore only community-based support is available.
Ansible | Nornir | |
Support | Community or commercial | Community only |
Speed
Nornir is considerably quicker than Ansible. Why? First, Nornir is lean. It’s pure Python and there are no layers of translation or serialization required. Ansible, on the other hand, has various levels of serialization, namely the translation of the YAML-based DSL/playbooks, which add to an increase in run times. From research performed online, Nornir was found on average to be 100 times quicker than Ansible.
Ansible | Nornir | |
Speed | ~100 x slower than Nornir** | ~100 x faster than Ansible** |
**Reference/Image Source: Ansible vs. Nornir: Speed Challenge - Networklore.
Summary
Ansible and Nornir are both great tools. Ansible is great for newcomers who are looking for some quick wins. It also provides the safety net of being able to purchase commercial support, should it be required. However, for speed, the ability to add more complex customization and for ease of troubleshooting, Nornir is a perfect tool to explore for automating your network.